From 9463a31107beccf3adc3e2f4079fbfb123b7bebc Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Fri, 5 Sep 2025 20:51:08 +0200
Subject: [PATCH] =?UTF-8?q?Change=20=E2=80=9CPosting=20defaults=E2=80=9D?=
 =?UTF-8?q?=20settings=20page=20to=20enforce=20`nobody`=20quote=20policy?=
 =?UTF-8?q?=20for=20`private`=20default=20visibility=20(#36040)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../posting_defaults_controller.rb            |  6 ++++
 app/javascript/entrypoints/public.tsx         | 32 +++++++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/app/controllers/settings/preferences/posting_defaults_controller.rb b/app/controllers/settings/preferences/posting_defaults_controller.rb
index 53fee0e5c..dcff94fc7 100644
--- a/app/controllers/settings/preferences/posting_defaults_controller.rb
+++ b/app/controllers/settings/preferences/posting_defaults_controller.rb
@@ -6,4 +6,10 @@ class Settings::Preferences::PostingDefaultsController < Settings::Preferences::
   def after_update_redirect_path
     settings_preferences_posting_defaults_path
   end
+
+  def user_params
+    super.tap do |params|
+      params[:settings_attributes][:default_quote_policy] = 'nobody' if params[:settings_attributes][:default_privacy] == 'private'
+    end
+  end
 end
diff --git a/app/javascript/entrypoints/public.tsx b/app/javascript/entrypoints/public.tsx
index 0970fc585..db72be651 100644
--- a/app/javascript/entrypoints/public.tsx
+++ b/app/javascript/entrypoints/public.tsx
@@ -145,6 +145,10 @@ function loaded() {
       );
     });
 
+  updateDefaultQuotePrivacyFromPrivacy(
+    document.querySelector('#user_settings_attributes_default_privacy'),
+  );
+
   const reactComponents = document.querySelectorAll('[data-component]');
 
   if (reactComponents.length > 0) {
@@ -364,6 +368,34 @@ Rails.delegate(
   },
 );
 
+const updateDefaultQuotePrivacyFromPrivacy = (
+  privacySelect: EventTarget | null,
+) => {
+  if (!(privacySelect instanceof HTMLSelectElement) || !privacySelect.form)
+    return;
+
+  const select = privacySelect.form.querySelector<HTMLSelectElement>(
+    'select#user_settings_attributes_default_quote_policy',
+  );
+  if (!select) return;
+
+  if (privacySelect.value === 'private') {
+    select.value = 'nobody';
+    setInputDisabled(select, true);
+  } else {
+    setInputDisabled(select, false);
+  }
+};
+
+Rails.delegate(
+  document,
+  '#user_settings_attributes_default_privacy',
+  'change',
+  ({ target }) => {
+    updateDefaultQuotePrivacyFromPrivacy(target);
+  },
+);
+
 // Empty the honeypot fields in JS in case something like an extension
 // automatically filled them.
 Rails.delegate(document, '#registration_new_user,#new_user', 'submit', () => {